This copy is for your personal non-commercial use only. To order presentation-ready copies of Toronto Star content for distribution to colleagues, clients or customers, or inquire about permissions/licensing, please go to: www.TorontoStarReprints.com

Malware may knock thousands off Internet on Monday

Tens of thousands of Americans and thousands of Canadians may lose their Internet service Monday unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago.

Thousands of Canadians and tens of thousands of Americans may lose their Internet service Monday unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago.

Despite repeated alerts, the number of computers that are probably infected is more than 277,000 worldwide, down from about 360,000 in April. Of those still infected, the FBI believes that about 64,000 are in the United States. In Canada, about 7,000 computers remain infected, CBC News reports.

Users whose computers are still infected Monday will lose their ability to go online, and they will have to call their Internet service providers for help.

Canadians can check their computers by visiting the DNSChanger Malware Checker, here.

Article Continued Below

The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.

In a highly unusual move, the FBI set up a safety net. They brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet access.

But that temporary system will be shut down at 12:01 a.m. EDT Monday, July 9.

Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their Web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

But popular social networking sites and Internet providers have gotten more involved, reaching out to computer users to warn of the problem.

According to Tom Grasso, an FBI supervisory special agent, many Internet providers are ready for the problem and have plans to try to help their customers. Some, such as Comcast, already have reached out.

The company sent out notices and posted information on its website. Because the company can tell whether there is a problem with a customer’s Internet server, Comcast sent an email, letter or Internet notice to customers whose computers appeared to be affected.

Grasso said other Internet providers may come up with technical solutions that they will put in place Monday that will either correct the problem or provide information to customers when they call to say their Internet isn’t working. If the Internet providers correct the server problem, the Internet will work, but the malware will remain on victims’ computers and could pose future problems.

In addition to individual computer owners, about 50 Fortune 500 companies are still infected, Grasso said.

Both Facebook and Google created their own warning messages that showed up if someone using either site appeared to have an infected computer. Facebook users would get a message that says, “Your computer or network might be infected,” along with a link that users can click for more information.

Google users got a similar message, displayed at the top of a Google search results page. It also provides information on correcting the problem.

The site includes links to respected commercial sites that will run a quick check on the computer, and it also lays out detailed instructions if users want to actually check the computer themselves.

In April, the Canadian Internet Registration Authority (CIRA), in collaboration with Public Safety Canada and the Canadian Radio-television Telecommunications Commission (CRTC), developed an online DNS Checker to screen users’ computers for the DNSChanger malware.

The DNS Checker will match the DNS Internet Protocol (IP) address against the known Operation Ghost Click IP addresses. A green banner indicates that a computer is not infected with the malware, while a red banner indicates it may be infected with the malware. If the banner is red, the user is encouraged to consult the Public Safety Canada website that provides further information on detection and removal of the DNSChanger malware.

The Toronto Star and thestar.com, each property of Toronto Star Newspapers Limited, One Yonge Street, 4th Floor, Toronto, ON, M5E 1E6. You can unsubscribe at any time. Please contact us or see our privacy policy for more information.

More from the Toronto Star & Partners

LOADING

Copyright owned or licensed by Toronto Star Newspapers Limited. All rights reserved. Republication or distribution of this content is expressly prohibited without the prior written consent of Toronto Star Newspapers Limited and/or its licensors. To order copies of Toronto Star articles, please go to: www.TorontoStarReprints.com